Dutch prosecutors have found a hacker did successfully log in to Donald Trump’s Twitter account by guessing his password – “MAGA2020!”
But they will not be punishing Victor Gevers, who was acting “ethically”.
Mr. Gevers shared what he said were screenshots of the inside of Mr. Trump’s account on 22 October, during the final stages of the US presidential election.
But at the time, the White House denied it had been hacked and Twitter said it had no evidence of it.
In reference to the latest development, Twitter said: “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
The White House has not responded to a request for further comment.
Mr. Gevers said he was very happy with the outcome.
“This is not just about my work but all volunteers who look for vulnerabilities on the internet,” he said.
The well respected cyber-security researcher said he had been conducting a semi-regular sweep of the Twitter accounts of high-profile US election candidates, on 16 October, when he had guessed President Trump’s password.
Dutch police said: “The hacker released the login himself.
“He later stated to police that he had investigated the strength of the password because there were major interests involved if this Twitter account could be taken over so shortly before the presidential election.”
They had sent the US authorities their findings, they added.
Mr. Gevers had told officers he had substantially more evidence of the “hack”.
In theory, he would have been able to see all the president’s data, including:
- private photos and messages
- privately bookmarked tweets
- how many people he had blocked
The president’s account, which has 89 million followers, is now secure.
But Twitter has refused to answer direct questions from BBC News, including whether the account had extra security or logs that would have shown an unknown login.
Earlier this year, Mr. Gevers also claimed he and other security researchers had logged in to Mr. Trump’s Twitter account in 2016 using a password – “yourefired” – linked to another of his social-network accounts in a previous data breach.